Candidate: CVE-2015-0857
PublicDate: 2016-05-06 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0857
Description:
 Cool Projects TarDiff allows remote attackers to execute arbitrary commands
 via shell metacharacters in the name of a (1) tar file or (2) file within a
 tar file.
Ubuntu-Description:
Notes:
 mdeslaur> not completely handled in 0.1-3
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_tardiff:
upstream_tardiff: released (0.1-5)
precise_tardiff: DNE
precise/esm_tardiff: DNE
trusty_tardiff: released (0.1-2+deb8u2build0.14.04.1)
trusty/esm_tardiff: DNE (trusty was released [0.1-2+deb8u2build0.14.04.1])
vivid_tardiff: ignored (reached end-of-life)
vivid/stable-phone-overlay_tardiff: DNE
vivid/ubuntu-core_tardiff: DNE
wily_tardiff: released (0.1-2+deb8u2build0.15.10.1)
xenial_tardiff: released (0.1-5~build0.16.04.1)
yakkety_tardiff: not-affected (0.1-5)
zesty_tardiff: not-affected (0.1-5)
artful_tardiff: not-affected (0.1-5)
bionic_tardiff: not-affected (0.1-5)
cosmic_tardiff: not-affected (0.1-5)
devel_tardiff: not-affected (0.1-5)